Sign in

Hi. This is Febin, Junior Cyber Security Engineer.

In this article I am gonna explain, how I got a Telescope as a reward from Celestron for finding a subdomain takeover vulnerability on their site.

I am not only interested in Hacking, Red teaming and AppSec but also interested in Astronomy, Stargazing, Reading about Astrophysics and Cosmology. So, it’s been a dream to have a telescope at my home, but I didn’t have enough money to have that. Then I thought to move it to the next level. What about hacking one of the leading Telescope companies, report the vulnerabilities to…


This is Febin. This post is a walk through on a vulnhub machine called “BrainPan”. BrainPan is a nice box for the ones who are preparing for the OSCP exam, learning penetration testing & exploit development.

So let’s begin.

First create a separate directory for brainpan.


This is Febin, a Cyber Security Enthusiast and Ethical Hacker. In this blog, I am going to tell you the story of how I hacked my neighbour’s wi-fi.

Disclaimer: I am not promoting any illegal stuff, this is meantfor educational purposes.

I have a BSNL broadband connection at my home, and my neighbour also has a BSNL broadband connection. …


This is Febin,

Twitter : febinrev

In this Post , I am gonna demonstrate windows Stack buffer overflow and exploit development in CloudMe 1.11.2 .

CloudMe is a cloud storage service. This buffer overflow vulnerability was patched and the exploit is released publicly in 2018 (CVE-2018–6892).

This demo will help guys who are preparing for OSCP or equivalent Certifications and also help guys (like me!) who wanna learn advanced hacking and exploit development. There are some executables/apps like “vulnserver” that are intentionally built to be vulnerable for educational purposes, but this is a real life application. …

Hi, I am Febin, a security researcher, bug bounty hunter, CEH and a cybersecurity enthusiast.

Twitter: febinrev

In this blog I am going to talk about CSRF!

What is CSRF?

CSRF (Cross-Site Request Forgery), as its name suggests it is all about requesting a resource to another domain or webserver from an attacker created webpage.

For example, an attacker webpage sends a POST/GET request to change the password of the victim to a website in which the victim has an account created in it. …


CEH | CEH(Master) | CyberSecurity Enthusiast | Bug Hunter | Always seeks for knowledge

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store